In recent years, cloud computing and virtualization have played a key role among the technologies adopted in information technology solutions for designing, maintaining and operating data centers.
Because physical servers and workstations, and even virtualized computing resources, need to comply with certain company policies regarding software configuration and security, many software products and solutions that help IT administrators monitor the policy compliance of data centers are on the market.
Typically, IT administrators, security auditors and other professionals who are responsible for policy compliance receive reports from those tools. The reports may highlight the computers that may violate defined compliance rules, or may highlight some other constraints, so that the administrators can take action to resolve the issue. Typically, a resource that the tool marks as non-compliant with the defined compliance rules may need to be detached from the company network in order to prevent the spread of the problem, such as viruses, worms, spyware, etc.
Working with a machine that is not attached to the company network can be very difficult and may require IT professionals to physically stand in front of the failing system and log in to resolve potential problems. Moreover, patching tools are often centralized in the data center or in company repositories, and are thus not available without a network connection.
Some disclosures relate to methods for managing virtual machine (VM) policy compliance.
Document U.S. Pat. No. 8,234,641 B2 discloses techniques for controlling and managing virtual machines. In one particular embodiment, a systems management partition is created inside the virtual machine to provide persistent and resilient storage for management information. The VM management information can be made available for pre-execution processing, including policy-based compliance testing.
Document US 2010/0017512 A1 discloses a compliance test, during which an identified VM image is controlled such that it cannot connect to the network. One or more tests are carried out to determine if the virtual machine is compliant with one or more predetermined requirements. If a VM is compliant with said one or more predetermined requirements, the VM image is connected to the network.
However, these solutions have limitations in the way compliance detection is performed and network connections are handled. Therefore, there is a need for an improved mechanism for restoring compliance of a VM found to be non-compliant.